authorYassir Elley <yelley@redhat.com>2014-01-20 11:17:06 -0500
committerJakub Hrozek <jhrozek@redhat.com>2014-05-13 22:17:14 +0200
commit60cab26b12df9a2153823972cde0c38ca86e01b9 (patch)
treecc10c6da23140859116510f50cfa7dedbff48277 /src/util
parent66e1502f956ee71de6cd51c37f7752f8aa14f5f5 (diff)
Implemented LDAP component of GPO-based access control
Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/util')
-rw-r--r--src/util/sss_ldap.h14
-rw-r--r--src/util/util_errors.c1
-rw-r--r--src/util/util_errors.h1
3 files changed, 16 insertions, 0 deletions
diff --git a/src/util/sss_ldap.h b/src/util/sss_ldap.h
index f298b2fbb..4172da3e4 100644
--- a/src/util/sss_ldap.h
+++ b/src/util/sss_ldap.h
@@ -55,6 +55,20 @@ int sss_ldap_get_diagnostic_msg(TALLOC_CTX *mem_ctx,
#define LDAP_SERVER_ASQ_OID "1.2.840.113556.1.4.1504"
#endif /* LDAP_SERVER_ASQ_OID */
+#ifndef LDAP_SERVER_SD_OID
+#define LDAP_SERVER_SD_OID "1.2.840.113556.1.4.801"
+#endif /* LDAP_SERVER_SD_OID */
+
+
+/*
+ * The following four flags specify which security descriptor parts to retrieve
+ * during sd_search (see http://msdn.microsoft.com/en-us/library/aa366987.aspx)
+ */
+#define SECINFO_OWNER ( 0x00000001 )
+#define SECINFO_GROUP ( 0x00000002 )
+#define SECINFO_DACL ( 0x00000004 )
+#define SECINFO_SACL ( 0x00000008 )
+
int sss_ldap_control_create(const char *oid, int iscritical,
struct berval *value, int dupval,
LDAPControl **ctrlp);
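Review bot: The four `SECINFO_*` macros are defined unconditionally and without a project prefix, unlike the `#ifndef`-guarded `LDAP_SERVER_SD_OID` just above them, so any other included header that defines the same names with a different spelling would trigger a redefinition diagnostic. Wrapping each one as `#ifndef SECINFO_OWNER` / `#define SECINFO_OWNER ( 0x00000001 )` / `#endif` would make the header safe to combine with such headers. The comment should also say that these are bit flags OR-ed together into the value of the control identified by `LDAP_SERVER_SD_OID`. It would help to add that a caller that only evaluates access rules should request the DACL (and owner/group if needed) rather than `SECINFO_SACL`. Reading the SACL normally needs additional privileges on the directory server, and as far as I know an unprivileged request that includes it can come back without the descriptor. The callers are outside this hunk, so confirm which flags the search actually sends.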
diff --git a/src/util/util_errors.c b/src/util/util_errors.c
index 90faa3e42..2b99faf74 100644
--- a/src/util/util_errors.c
+++ b/src/util/util_errors.c
@@ -58,6 +58,7 @@ struct err_string error_to_str[] = {
{ "Malformed extra attribute" }, /* ERR_INVALID_EXTRA_ATTR */
{ "Cannot get bus message sender" }, /* ERR_SBUS_GET_SENDER_ERROR */
{ "Bus message has no sender" }, /* ERR_SBUS_NO_SENDER */
+ { "User/Group SIDs not found" }, /* ERR_NO_SIDS */
};
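Review bot: `error_to_str[]` is coupled to `enum sssd_errors` purely by position, and nothing in this hunk or in the matching `util_errors.h` hunk enforces that the two stay the same length. The new `ERR_NO_SIDS` entry is placed consistently in both files. A later commit that adds an enum value without a string would presumably make the lookup read past the end of the table, though the lookup function is not visible here. A compile-time check next to the array would catch that, e.g. a `_Static_assert` comparing `sizeof(error_to_str) / sizeof(error_to_str[0])` with the number of enum entries before `ERR_LAST`. The array definition starts outside the hunk.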
diff --git a/src/util/util_errors.h b/src/util/util_errors.h
index 4d9f16c0a..da518272b 100644
--- a/src/util/util_errors.h
+++ b/src/util/util_errors.h
@@ -80,6 +80,7 @@ enum sssd_errors {
ERR_INVALID_EXTRA_ATTR,
ERR_SBUS_GET_SENDER_ERROR,
ERR_SBUS_NO_SENDER,
+ ERR_NO_SIDS,
ERR_LAST /* ALWAYS LAST */
};